CONFIDENTIAL details of hundreds of patients could have fallen into the wrong hands after a Suffolk doctor dumped a computer server in a car park.

Kate McGrath

CONFIDENTIAL details of hundreds of patients could have fallen into the wrong hands after a Suffolk doctor dumped a computer server in a car park.

Dr Paul Thomas, of Gipping Valley GP practice, Barham, has been fined by NHS Suffolk for breaching his contract after a server containing “extremely sensitive data” was found by staff beside a skip.

The news comes in the same week it was revealed Dr Thomas was also fined for dispensing drugs inappropriately.

It is understood Dr Thomas, who is unavailable for comment this week, believed patient details had been erased from the server and it was suitable to be dumped.

NHS Suffolk has moved to reassure patients they believe the data has remained totally confidential.

Melanie Craig, deputy director of performance at NHS Suffolk, said: “We are very confident that the data hasn't fallen into the wrong hands.

“The computer server was dumped by a skip and contained extremely sensitive data of a very large number of patients from his practise. It was extremely fortunate that NHS staff who live near the practise spotted the server accidentally and were able to confiscate it.

“It is important to reassure patients that we able to secure the server so the data remained totally confidential.”

Tony Morgan, a representative from the Friends of Gipping Valley Practise, said he believed Dr Thomas thought the details had been erased from the server.

“I believe Dr Thomas thought the server had been decommissioned by people on behalf of NHS Suffolk. He believed the details had been erased. From what I understand, he doesn't believe it was his fault.

The exact number of patient files contained on the server is not known, but the practise has just under 2,000 patients.

NHS Suffolk said the server contained a large number of these.

Dr Thomas was found guilty of breaching his contract by the contract management committee within NHS Suffolk.

He was also reported to the Information Commissioner's Office who found him in breach of the Data Protection Act. He was made to sign an undertaking that sensitive personal information would be kept securely in future.

Sally-Anne Poole, head of enforcement and investigations at the commissioner's office, said: “It is vital that sensitive personal information, such as patient information, is handled securely. This is an important principle of the Data Protection Act. I am pleased that Dr Thomas is taking remedial action to improve data security.”

In addition the GP was given a joint fine of �10,000, which also included a penalty for dispensing drugs to patients who the NHS said must use pharmacies instead.

Doctors can only give out medicines themselves if patients live more than a mile from a pharmacy or face serious difficulties reaching one - a rule Dr Thomas has been ruled to have broken.

He has since decided to fight the decision and has appealed the fine with the Family Health Services Appeal Authority.